12-24-2012 10:26 AM - edited 03-11-2019 05:40 PM
Hi,
I'm pretty sure the answer to this is that only one-to-one NAT will do, but in case I've missed a trick, please let me know. I have several internal devices that need to use PAT (due to limited global IP addresses) as shown below, where incoming tcp 2201 is translated to ssh and directed to the first device, tcp 2201 gets translated and directed to the 2nd device, and so on.
object network device1
 host 10.1.10.35
 nat (inside,outside) static 12.x.y.z service tcp 22 2201
object network device2
 host 10.2.10.35
 nat (inside,outside) static 12.x.y.z service tcp 22 2202
object network device3
 host 10.3.10.35
 nat (inside,outside) static 12.x.y.z service tcp 22 2203
The vendor of these devices would like to see the return traffic, which is not ssh but udp 500 and udp 4500, egress the same address above, 12.x.y.z.
Is there a way to do that without one-to-one NAT?
12-24-2012 03:43 PM
Hello,
So why don't you perform a destination port-forwarding, but in this case saying any packet being sourced from port 500 or 4500 look like 12.x.y.z?
Also, what do you mean by a reply? Are those packets going to start on the outside world, or will these devices start the ISAKMP connections?
Regards,
12-24-2012 05:40 PM
My example description is wrong, but maybe you picked up on that.
From the outside inbound...
tcp 2201 translates to ssh and is sent to device1
tcp 2202 ssh to device2
tcp 2203 ssh to device3
These devices accept ssh connections and then initiate a tunnel outbound with udp 500 and udp 4500.
Given the PAT config already in place, I'm not sure how to code your suggestion.
Can you give me an example?
12-24-2012 06:09 PM
Hello,
Well, as the outbound connection will be in place because of the inbound connection as you said, there is no way to make that happen.
Sorry to tell you that, my friend.
Merry Christmas
Julio